11.4 - what is a default rule?

Question

Hi,
I have some problems with the new 11.4, again.
What I did:
1. created a ltm policy with:
    Strategy        all-match
    Requires        http
    Controls        asm

created a policy rule:
condition       http-uri request path starts-with "/test"
action          asm request enable policy "test_Policy"

Result:
I cannot save the policy and get the error message:
0107172c:3: Policy '/Common/test_RULE'; a policy controlling 'asm' must have a default rule.
what does it mean?
thx

nathe · Answer

Torti - I'm looking into this myself at the mo due to a future migration. Looks like you need two rules for ASM and traffic policies. The example F5 give is the default rule pushes all traffic to the security policy and then you can create custom rules to disable the security policy, say on specific URIs.&nbsp;
Anyway see for more info:&nbsp;
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/20.html?sr=32535189&nbsp;
Looks like your default rule might be to disable ASM and the specific rule for /test to enable it.&nbsp;
Hope this helps, N&nbsp;

torti · Answer

it is strange, but if you are using asm Controls, you have to create a rule without conditions. So that every traffic hit the rule.&nbsp;
The new design is really complicated.&nbsp;

Forum Discussion

11.4 - what is a default rule?

2 Replies

Recent Discussions

Find GSLB pool membership from vip IP

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Related Content

F5 Distributed Cloud Origin Server Subset Rules

LTM Cipher rule

Logging all AFM Rules

.htaccess to Nginx rules

AFM Protocol Inspection rules for CVE-2022-3602 (aka SpookySSL)